You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.

Looking for the Diagnostic Utility?

Click Here For Download and Usage Instructions

Configure PortalGuard to authenticate against a Federated Azure AD Tenant


You have federated your Office 365 tenant to use a 3rd party Identity Provider like PortalGuard. You now want to configure PortalGuard to authenticate users against Azure AD instead of an on-premises Active Directory. This is not possible because that tenant now expects to authenticate users against the 3rd party IdP which creates looping behavior. 


  • Password Hash Sync is enabled for your tenant (LINK)
  • Latest version of AzureAD Powershell Module (
    • Installation steps (LINK)


Create a new Home Realm Discovery Policy within your Azure Active Directory tenant (LINK to Microsoft article).

  1. Open Windows PowerShell.
  2. Connect to your Azure AD tenant.
    • Run 'Connect-AzureAD' and enter admin credentials.
  3. Create a policy to enable username/password authentication for federated users directly with Azure Active Directory for specific applications.
    • Run 'New-AzureADPolicy –Defintion @("{`"HomeRealmDiscoveryPolicy`":{`"AllowCloudPasswordValidation`":true}}") -DisplayName EnableDirectAuthPolicy -Type HomeRealmDiscoveryPolicy'
  4. Next, we will need to retrieve the new policy's ObjectID.
    • Run 'Get-AzureADPolicy' to view your new HRD policy
  5. Next, we will need to locate the service principal to assign the new policy.
  6. Login to Azure Active Directory and click 'Enterprise Applications'.
  7. Locate the ObjectID for the PortalGuard Authentication Client. 
  8. Assign the policy to your service principal.
    • Run 'Add-AzureADServicePrincipalPolicy -Id <VALUE FROM STEP 7> -RefObjectId <VALUE FROM STEP 4>'. 
  9. Complete.

REV. 06/2021 | PortalGuard

  • 141
  • 09-Aug-2021